---
title: "WHOIS data retrieval"
slug: "whois-data-retrieval"
updated: 2026-01-07T15:05:32Z
published: 2026-01-07T15:05:32Z
---

# WHOIS data retrieval

Silent Push’s Xperimental Queries retrieve both historical WHOIS data and live RDAP WHOIS data, enabling security teams to investigate domain ownership, track changes, and enhance cybersecurity efforts. These tools, accessible via the Advanced Query Builder, show a domain's registration history and current status, which helps identify threats such as phishing, malware distribution, or domain hijacking.

## Historical WHOIS Data Lookup

Historical WHOIS data reveals past ownership and registration details, crucial for verifying website legitimacy, investigating cybercrimes, or detecting patterns in malicious activity. By analyzing changes in registrant names, contact information, or IP addresses, security teams can build profiles of attackers and identify connections between domains or threat actors. This is particularly useful for domains registered before the GDPR, which may reveal unredacted ownership details that are unavailable in current records.

1. From the left navigation menu, select **Advanced Query Builder > Xperimental Queries > Domain WHOIS History.**
2. Specify a domain.
  - (Optional) Select a **sample interval** (Day, Week, Month, Quarter, Year) to retrieve one record per period.
  - (Optional) Set `changes_only` to true to show only records with changes.
3. Set a **limit** for the number of results.
4. Click **Search**.

## Live RDAP WHOIS query

The Registration Data Access Protocol (RDAP) WHOIS query retrieves current registration data for domains, IP addresses, or Autonomous System Numbers (ASNs) in a structured JSON format. RDAP offers improved performance, scalability, and privacy protections compared to traditional WHOIS, including restricted access based on user credentials. This tool is ideal for real-time verification of domain ownership or identifying recent changes that may signal threats.

1. From the left navigation menu, select **Advanced Query Builder > Xperimental Queries > Tools - Live RDAP WHOIS Lookup**.
2. Select a **query type** (ASN, Domain, IP, Entity).
3. Specify a **query name**.
  - (Optional for Entity queries) Select a **regional registry**.
4. Choose a **results format** (compact or full RDAP results).
5. Click **Search**.
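
The structured JSON that an RDAP domain lookup returns can be reduced to the handful of fields used for triage. The sketch below is an added example, not Silent Push code: it assumes the full results follow the standard RDAP domain object (RFC 9083), and the sample record, the `summarize` helper and the 30-day `new_days` threshold are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the RFC 9083 domain-object layout (not real registry data).
SAMPLE_RDAP = json.loads("""
{
  "objectClassName": "domain",
  "ldhName": "LOGIN-PORTAL.EXAMPLE",
  "status": ["client transfer prohibited"],
  "events": [
    {"eventAction": "registration", "eventDate": "2025-12-30T10:00:00Z"},
    {"eventAction": "last changed", "eventDate": "2026-01-05T08:30:00Z"},
    {"eventAction": "expiration", "eventDate": "2026-12-30T10:00:00Z"}
  ],
  "nameservers": [{"ldhName": "NS2.DNS-HOST.EXAMPLE"}, {"ldhName": "ns1.dns-host.example"}],
  "entities": [
    {"roles": ["registrar"],
     "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                              ["fn", {}, "text", "Constructed Registrar LLC"]]]}
  ]
}
""")

def _when(value):
    """Parse an RFC 3339 timestamp; 'Z' is rewritten for Python < 3.11."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def _vcard_fn(entity):
    """Return the jCard 'fn' (formatted name) of an entity, or None if absent/redacted."""
    props = (entity.get("vcardArray") or ["vcard", []])[1]
    return next((p[3] for p in props if p[0] == "fn"), None)

def summarize(rdap, now, new_days=30):
    """Reduce an RDAP domain object to the fields an analyst triages on."""
    events = {e["eventAction"]: _when(e["eventDate"])
              for e in rdap.get("events", []) if "eventDate" in e}
    registered = events.get("registration")
    age = (now - registered).days if registered else None
    return {
        "domain": rdap.get("ldhName", "").lower(),
        "registrar": next((_vcard_fn(e) for e in rdap.get("entities", [])
                           if "registrar" in e.get("roles", [])), None),
        "status": rdap.get("status", []),
        "nameservers": sorted(n["ldhName"].lower() for n in rdap.get("nameservers", [])),
        "last_changed": events.get("last changed"),
        "expires": events.get("expiration"),
        "age_days": age,
        "newly_registered": age is not None and age < new_days,  # assumed threshold
    }
```

Call `summarize(SAMPLE_RDAP, datetime.now(timezone.utc))` with a timezone-aware `now`; a record with redacted or missing events yields `age_days` of `None` rather than a false "new domain" flag.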

## Save Query

1. Specify query parameters.
2. Click **Save Query**.
3. Provide a **Name** and **Description** for context.
4. Click **Save**. The query appears in [**Private Queries**](https://help.silentpush.com/docs/private-queries).

